Remix!! Using PowerShell to parse ESE Transaction Logs ...
Let me preface this post by saying this: I'm a tad lazy. However, the newest addition to our team, Brad Hughes, is not. Far from it. That being said, he took it upon himself to rewrite my "Rough & Tough" approach to parsing ESE logs in PowerShell. Enjoy ...
1. Download & install PowerShell
2. Download & install strings.exe; make sure strings.exe is in your path
3. Place all your transaction logs into a temp directory (e.g. D:\templogs)
4. Fire up PowerShell
5. Run the following command:
strings.exe -q -n 16 D:\templogs\*.log | foreach-object { ($_.Split(":".ToCharArray(),3)[2]) }| group-object | select-object count,name | sort count | export-csv C:\temp\output.csv
What this is doing:
· Identifies all strings in the logs that are at least 16 characters long
· Removes the D:\templogs\E00xxxx.log: prefix from each line of output
· Sorts the output
· Finds all duplicate records, and retains a count
· Sorts the final output (ending with the largest # of occurrences)
· Writes all the output to C:\temp\output.csv
As before, the output will be sorted from the least number of repeating occurrences to the greatest, but now it's in a nifty CSV format that you can open in Excel to do all sorts of fancy sorting.
Note: this post will probably be obsolete in the next 15 minutes, as Brad will likely rewrite this in assembly next.
Update: you'll have to put the output.csv file into a different directory from the logs that you're trying to parse. Otherwise, you'll get into an endless loop where we try to parse the output.csv file as well.
strings.exe -q -n 16 D:\templogs\*.log | foreach-object { ($_.Split(":".ToCharArray(),3)[2]) }| group-object | select-object count,name | sort count | export-csv C:\temp\output.csv
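A variant of the pipeline above that does not need strings.exe, as an added example that is not Brad's code or part of the original post: it pulls ASCII and UTF-16 strings of at least the minimum length out of each .log file, counts duplicates, and refuses to write the CSV into the log directory. The function name, its parameters, and the demo file contents are assumptions made up for illustration.

```powershell
# Added example (not from the original post); all names here are hypothetical.
function Get-EseLogStringCounts {
    param(
        [Parameter(Mandatory)] [string] $LogDir,
        [Parameter(Mandatory)] [string] $OutCsv,   # pass an absolute path
        [int] $MinLength = 16
    )
    # Per the Update: the CSV must not be written into the directory being parsed.
    $logFull = (Resolve-Path -LiteralPath $LogDir).Path.TrimEnd('\')
    $outFull = [IO.Path]::GetFullPath($OutCsv)
    if ((Split-Path -Parent $outFull).TrimEnd('\') -ieq $logFull) {
        throw "Write $OutCsv somewhere other than $LogDir."
    }
    $latin1 = [Text.Encoding]::GetEncoding(28591)             # maps each byte to one char
    $ascii  = [regex]"[\x20-\x7E]{$MinLength,}"               # printable ASCII runs
    $wide   = [regex]"(?:[\x20-\x7E]\x00){$MinLength,}"       # same runs stored as UTF-16LE
    $counts = @{}                                             # case-insensitive, like Group-Object
    foreach ($file in Get-ChildItem -LiteralPath $logFull -Filter *.log -File) {
        $text = $latin1.GetString([IO.File]::ReadAllBytes($file.FullName))
        $hits = @($ascii.Matches($text) | ForEach-Object Value) +
                @($wide.Matches($text)  | ForEach-Object { $_.Value -replace '\x00', '' })
        foreach ($s in $hits) { $counts[$s] = 1 + $counts[$s] }
    }
    # Same shape as the original output: Count, Name, least frequent first.
    $counts.GetEnumerator() |
        Select-Object @{n='Count';e={$_.Value}}, @{n='Name';e={$_.Key}} |
        Sort-Object Count |
        Export-Csv -LiteralPath $outFull -NoTypeInformation
}

# Constructed demo input (not a real ESE log): one ASCII string written twice,
# one UTF-16 string written once, separated by non-printable bytes.
$demo = Join-Path $env:TEMP 'ese-demo'
New-Item -ItemType Directory -Force -Path $demo | Out-Null
$a = [Text.Encoding]::ASCII.GetBytes('SMTP:constructed.user@example.invalid')
$u = [Text.Encoding]::Unicode.GetBytes('Constructed subject line')
[byte[]] $bytes = @(0,1,2) + $a + @(0,255) + $u + @(255,0,255) + $a + @(0)
[IO.File]::WriteAllBytes((Join-Path $demo 'E0000001.log'), $bytes)
Get-EseLogStringCounts -LogDir $demo -OutCsv (Join-Path $env:TEMP 'ese-demo-output.csv')
Import-Csv (Join-Path $env:TEMP 'ese-demo-output.csv')
```

Because the strings are read straight from the file bytes there is no file-name prefix to split off, so values that contain colons (such as the SMTP: address in the demo) are kept intact.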